value was specified, i.e. print the entire string. This was
not harmful, it just looked weird. File: util/vbuf_print.c.
-20120917
+20140917
Feature: RFC 7372 enhanced status code for unknown SMTP
client hostnames. File: smtpd/smtpd_check.c
Portability: added a tls_random_source default setting for
MacOS X. Viktor Dukhovni. File: util/sys_defs.h.
-20150118
+20160118
Bitrot: OpenSSL 1.1.0-dev (aka the "master" branch) has new
security levels ranging from 0 to 5. Level "0" is backwards
compatible, and other levels are increasingly restrictive.
Viktor Dukhovni. Files: tls/tls_server.c, tls/tls_client.c.
-20161205
+20160205
Portability: Postfix TLS support uses /dev/urandom if
available and no system-specific setting exists in sys_defs.h.
milter/milter.h, smtpd/smtpd.c, smtpd/smtpd.h, smtpd/smtpd_check.c,
smtpd/smtpd_haproxy.c, smtpd/smtpd_milter.c, smtpd/smtpd_peer.c.
-20140612
+20160612
Bugfix (introduced: 20090211): missing server address
conversion for non-proxy, non-postscreen connections. File:
passing arbitrary options. Files: makedefs, Makefile.in,
proto/INSTALL.html.
-20121201
+20161201
Documentation: add 'smtpd_tls_auth_only=yes' to the master.cf
submission service example. File: conf/master.cf.
Documentation: typos in postconf(1) manpage. File:
postconf/postconf.c.
-20121204
+20161204
Cleanup: properly report numerical conversion errors in
${{number} relational-operator ${number}}, and wordsmithing.
cidr, pcre, and regexp table when an input does not match
an ENDIF-less IF operator. Found during code maintenance.
File: util/cidr_map.c, util/dict_regexp.c, util/dict_pcre.c.
+
+20170101
+
+ Portability; SunOS5 builds broke after moving the sys/types.h
+ include statement to the top of sys_defs.h.
+
+ Portability: declaration after code is GNU dialect. File:
+ util/vbuf_print.c.
+
+ Portability: compatibility macros for SSLv23_client_method()
+ etc. deprecation. Files: tls/tls.h, tls/tls_client.c,
+ tls/tls_dane.c, tls_server.c.
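Review bot: the new 20170101 entry is inconsistent with the entries around it in three places. "Portability; SunOS5 builds broke" uses a semicolon where every other entry uses a colon. The same item has no "File:" line, although the change it describes is in util/sys_defs.h. The last item lists "tls_server.c" without the "tls/" prefix used for the other three files. Suggest fixing all three so the entry can be searched the same way as the rest of HISTORY.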
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20161231"
+#define MAIL_RELEASE_DATE "20170101"
#define MAIL_VERSION_NUMBER "3.2"
#ifdef SNAPSHOT
#define ASN1_STRING_get0_data ASN1_STRING_data
#define X509_getm_notBefore X509_get_notBefore
#define X509_getm_notAfter X509_get_notAfter
+#define TLS_method SSLv23_method
+#define TLS_client_method SSLv23_client_method
+#define TLS_server_method SSLv23_server_method
#endif
/* SSL_CIPHER_get_name() got constified in 0.9.7g */
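Review bot: the three added TLS_method, TLS_client_method and TLS_server_method defines have no comment, and the condition of the enclosing #if is not visible in this hunk. The call sites in this patch drop their own "OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(TLS_ANY_VERSION)" test, so this block is now the only place that decides which names are used. Suggest a one-line comment stating which OpenSSL versions take this branch, and confirming that builds the old test sent to the SSLv23_* path still reach these defines.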
* we want to be as compatible as possible, so we will start off with a
* SSLv2 greeting allowing the best we can offer: TLSv1. We can restrict
* this with the options setting later, anyhow.
- *
- * OpenSSL 1.1.0-dev deprecates SSLv23_client_method() in favour of
- * TLS_client_method(), with the change in question signalled via a new
- * TLS_ANY_VERSION macro.
*/
ERR_clear_error();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(TLS_ANY_VERSION)
client_ctx = SSL_CTX_new(TLS_client_method());
-#else
- client_ctx = SSL_CTX_new(SSLv23_client_method());
-#endif
if (client_ctx == 0) {
msg_warn("cannot allocate client SSL_CTX: disabling TLS support");
tls_print_errors();
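Review bot: the comment kept above "client_ctx = SSL_CTX_new(TLS_client_method());" still talks about starting off with an SSLv2 greeting. With the deprecation paragraph deleted, nothing here says where TLS_client_method() comes from when building against an older OpenSSL. Suggest rewording the comment to match the version-flexible method and adding a pointer to the compatibility macros in tls/tls.h.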
msg_fatal("Cannot allocate SSL application data index");
ERR_clear_error();
- if ((client_ctx = SSL_CTX_new(SSLv23_client_method())) == 0)
+ if ((client_ctx = SSL_CTX_new(TLS_client_method())) == 0)
msg_fatal("cannot allocate client SSL_CTX");
SSL_CTX_set_verify_depth(client_ctx, 5);
* SSLv2), so we need to have the SSLv23 server here. If we want to limit
* the protocol level, we can add an option to not use SSLv2/v3/TLSv1
* later.
- *
- * OpenSSL 1.1.0-dev deprecates SSLv23_server_method() in favour of
- * TLS_client_method(), with the change in question signalled via a new
- * TLS_ANY_VERSION macro.
*/
ERR_clear_error();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(TLS_ANY_VERSION)
server_ctx = SSL_CTX_new(TLS_server_method());
-#else
- server_ctx = SSL_CTX_new(SSLv23_server_method());
-#endif
if (server_ctx == 0) {
msg_warn("cannot allocate server SSL_CTX: disabling TLS support");
tls_print_errors();
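Review bot: the retained comment says "we need to have the SSLv23 server here", but the call below it is now unconditionally TLS_server_method(). Suggest updating the wording so the comment names the function actually called, and noting that protocol versions are restricted through options rather than through the method choice.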
* directory. Adding support for a new system type means updating the
* makedefs script, and adding a section below for the new system.
*/
+#ifdef SUNOS5
+#define _SVID_GETTOD /* Solaris 2.5, XSH4.2 versus SVID */
+#endif
#include <sys/types.h>
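Review bot: the relocated "#define _SVID_GETTOD" now sits directly above "#include <sys/types.h>", but its comment only says "Solaris 2.5, XSH4.2 versus SVID" and does not state the ordering requirement. The HISTORY entry in this patch says SunOS5 builds broke when the include moved to the top, so the constraint is easy to violate again. Suggest adding a short comment that this macro must be defined before the first system header is included.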
/*
*/
#ifdef SUNOS5
#define SUPPORTED
-#define _SVID_GETTOD /* Solaris 2.5, XSH4.2 versus SVID */
#define UINT32_TYPE unsigned int
#define UINT16_TYPE unsigned short
#define MISSING_SETENV
*/
#ifndef NO_SNPRINTF
#define VBUF_SNPRINTF(bp, sz, fmt, arg) do { \
+ ssize_t _ret; \
VBUF_SPACE((bp), (sz)); \
- ssize_t _ret = snprintf((char *) (bp)->ptr, (bp)->cnt, (fmt), (arg)); \
+ _ret = snprintf((char *) (bp)->ptr, (bp)->cnt, (fmt), (arg)); \
if (_ret < 0) \
msg_panic("%s: output error for '%s'", myname, (fmt)); \
if (_ret >= (bp)->cnt) \
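Review bot: in the added "ssize_t _ret;" declaration the type does not match what it stores, since snprintf() returns int. Declaring it as "int _ret;" would match the return type and avoid an implicit conversion before the "_ret < 0" and "_ret >= (bp)->cnt" tests. Moving the declaration ahead of VBUF_SPACE() looks right for compilers that reject declarations after statements.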